Re: Pam and radius

On Thu, 27 Feb 1997, Andrew G. Morgan wrote:

> Mark Lillywhite wrote:
> > I can't work out where the user ID and group ID(s) are supposed to be set
> > by PAM. In fact, from reading the pam_unix*.c and login.c code it seems to
> > me that it's still the application's responsibility to determine a numeric
> > UID and GID(s)... which seems quite strange to me. Is there a standard way

Time to ask some questions.. I too have been thinking about a way to do
central authentication, here is my idea (might come out in raw mode):

Central RADIUS server, it has a full password+shadow file. The passwd
file can then be rdist (or whatever) to the client machines. Have client
programs, login, pop3d, ftpd, etc check (via PAM through RADIUS) to the
central server.

Thus, PAM is not doing any gid or uid lookups, because it's getting that
from the local /etc/passwd file. The client machines can either have the
full passwd file, or just a small one that has people you want on that

The central RADIUS server would not have any type of telnet or rlogin
access for security reasons, so no-one could even SEE your shadow file. 

I might have missed something, and think of it later =)

But from my understanding, this would be a pseudo-NIS.

Any thoughts?
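
The split discussed in this thread, as an added example that is not code from the thread or from PAM: the password check happens elsewhere (PAM through RADIUS), and the application then takes the numeric uid/gid from the local passwd database before dropping privileges. The names `lookup_ids` and `become_user` are hypothetical, and the code assumes authentication has already succeeded.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for initgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

struct ids { uid_t uid; gid_t gid; };

/* Resolve numeric IDs from the local account database (e.g. /etc/passwd).
 * Returns 0 on success, -1 when the user has no local entry. */
int lookup_ids(const char *user, struct ids *out)
{
    struct passwd pw, *res = NULL;
    char buf[4096];
    if (getpwnam_r(user, &pw, buf, sizeof buf, &res) != 0 || res == NULL)
        return -1;
    out->uid = pw.pw_uid;
    out->gid = pw.pw_gid;
    return 0;
}

/* Hypothetical helper: call only after the remote password check succeeded.
 * A user known to the central server but absent locally is refused. */
int become_user(const char *user)
{
    struct ids id;
    if (lookup_ids(user, &id) != 0)
        return -1;
    /* Groups first, then gid, then uid: after setuid() groups cannot change. */
    if (initgroups(user, id.gid) != 0 || setgid(id.gid) != 0 || setuid(id.uid) != 0)
        return -1;
    /* A non-root user must not be able to get root back. */
    if (id.uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    struct ids id;
    const char *user = argc > 1 ? argv[1] : "root";
    if (lookup_ids(user, &id) != 0)
        return 1;   /* no local account entry */
    printf("%s: uid=%lu gid=%lu\n", user, (unsigned long)id.uid, (unsigned long)id.gid);
    return 0;
}
```

With a trimmed local passwd file, a user who passes the central password check but has no local entry fails at `lookup_ids`, so the local file doubles as the per-machine access list.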


